DNS Query Tracer & Visualizer

DNS Query Tracer & Visualizer

Animate recursive DNS resolution from your resolver to the authoritative nameserver. See every hop, RTT, TTL, and cache behaviour.

www.example.com mail.example.com www.google.com github.com api.cloudflare.com www.amazon.com www.wikipedia.org smtp.fastmail.com mx.example.net NXDOMAIN example
Simulated database: This tool uses a built-in DNS database (no real network queries are possible from a browser). Use the zone builder below to add any domain you want to test.
How it works: Your resolver asks the root nameservers for the TLD, then queries the TLD servers for the authoritative nameserver, then fetches the record. Each hop shows RTT and whether the answer was cached.
Define a custom zone — then query it like any other domain
Format: label type value TTL [priority]
Use @ for the zone apex. MX records take an extra priority field.
Supported types: A, AAAA, MX, NS, TXT, CNAME
1 Run this command on your system:
RECOMMENDED (most reliable — works on any domain): dig example.com Or Windows / Linux / macOS: nslookup example.com For full resolution path (may fail on CDN or complex DNS): dig +trace +tries=1 +nodnssec example.com To use a specific public DNS server: dig @8.8.8.8 example.com dig @1.1.1.1 example.com ⚠️ AVOID: dig +trace alone This fails on many domains (CDN-hosted, misconfigured DNS). Use the commands above instead.
Note: dig @8.8.8.8 +trace also fails — the @ flag only affects the first hop.
2 Copy the entire output and paste it below:
3 Visualize the parsed query path:
Querying root nameservers...

Resolution Path

MISS

Step-by-Step Resolution Log

# Server RTT Query / Response Type

Final Answer

TTL Cache Timer

DNS Message Inspector

DNS Concepts Reference

Recursive: Your stub resolver sends one query to a recursive resolver (e.g., 8.8.8.8). That resolver handles all the iterative work on your behalf and returns the final answer.

Iterative: Each nameserver returns a referral — "I don't know, but try this server". The recursive resolver follows referrals until it reaches the authoritative nameserver.

This tool simulates the iterative queries the recursive resolver makes internally: root → TLD → authoritative.
Every DNS record carries a TTL in seconds. Resolvers cache answers for that duration. While cached, subsequent queries are answered instantly (no network round-trips).

Common TTLs:
  • A/AAAA — 300 s (5 min) to 3600 s (1 hr)
  • MX — 3600 s typical
  • NS — 86400 s (24 hr) typical
  • TXT (SPF) — 3600 s typical
Low TTLs allow fast record changes; high TTLs reduce resolver load.
Authoritative nameserver: Holds the actual zone data (A records, MX records, etc.) for a domain. It answers with AA=1 (Authoritative Answer) set in the DNS header.

Recursive (caching) resolver: Does not hold zone data. It queries other servers on behalf of clients, caches results, and returns answers. Examples: 8.8.8.8, 1.1.1.1.
When a domain does not exist, the authoritative nameserver returns RCODE=NXDOMAIN. Resolvers cache this negative response for the duration of the zone's SOA minimum TTL (often 300–3600 s).

Negative caching (RFC 2308) prevents repeated queries for non-existent names.
When a zone's authoritative nameserver is within the zone itself (e.g., ns1.example.com for example.com), a circular dependency would arise. The parent TLD zone resolves this by including glue records — A records for the nameserver provided directly in the referral response, bypassing the need for an extra lookup.